Following a recent announcement by cPanel concerning a potential Apache vulnerabilities we are now upgrading our servers. Whilst the vast majority of our clients will only see performance enhancements there is a possibility that some clients running older PHP scripts on their site(s) may be affected.
Suject: EasyApache 3.24.14 Released:
cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27.AFFECTED VERSIONS
All versions of Apache version 2.2 before 2.2.27.
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2014-0098 – MEDIUM
Fixed bug in the mod_log_config module related to CVE-2014-0098.
CVE-2013-6438 – MEDIUM
Fixed bug in the mod_dav module related to CVE-2013-6438.
That means, both the Apache and PHP upgrade is now inevitable. It is a great security risk so we are upgrading the current Apache version to 2.2.27 and PHP version to the next stable PHP version i.e. Version 5.3.28. Most of the scripts, PHP applications are already compatible with this PHP version.
What to do Now
Please make sure that you are running the latest version of your scripts and if you using WordPress, Joomla, Drupal etc please ensure you update to the latest version of the software. Don’t forget to upgrade any associated plugins also.
If your site is affected then please email Slick Media Support and we will aim to advise you on possible courses of action. We regret that sites that are running older scripts will either require upgrading or a transfer to an alternate hosting provider that is not addressing these vulnerabilities.